Russia is merging cyberattacks with conventional war – Grid News

The crisis in Ukraine could mark a dubious global milestone: the first major military conflict accompanied by a large-scale cyber campaign.

There are signs that cyber conflict is already well underway. On Wednesday, Ukraine was hit by a distributed denial of service attack that disrupted numerous government websites by overloading them with traffic. Ukrainian authorities said Wednesday that the attacks were “connected with the secret services of the aggressor country,” and that phishing attacks, the spread of malware and attempts to infiltrate public and private networks “have intensified.”


Cyberattacks last week knocked out the websites of Ukraine’s army, defense and foreign ministries, and major banks — an attack that Ukrainian and U.S. officials have both attributed to Russia. And in mid-January, Ukrainian government websites were targeted by malware designed to render infected computers inoperable.

The EU has activated its cyber rapid-response team — a team of experts from six countries — for the first time to help Ukraine ward off further online attacks, and Australia has said that it too is providing cyber security assistance to the beleaguered nation. The U.S. has been working for years to help Ukraine harden its networks and cyber defenses.

But it’s not clear how far those allies are prepared to go to prevent a full-on cyber war, a scenario that could cripple Ukraine’s economy, potentially cause loss of life and further hamper its ability to respond to a Russian invasion. And it’s too soon to say whether Russia will unleash its offensive cyber capabilities on Ukraine’s allies.

The U.S. Cybersecurity and Infrastructure Security Agency has warned in recent days that the country’s private sector is vulnerable to attack, and British authorities have issued similar advisories. At least one governor, New York Democrat Kathy Hochul, has warned against potential Russian cyber actions, citing her state’s status as a “leader in the finance, healthcare, energy, and transportation sectors.” An attack of this kind would bring a far-off conflict home in a way the country hasn’t experienced for decades.

“The last thing that the Biden administration wants to do is get into a tit-for-tat with Russia in cyberspace,” said Dmitri Alperovitch, founder of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins University and chairman of the Silverado Policy Accelerator, a D.C. think tank. “The Russians could obviously do a lot to hurt us. So the [Biden administration] is going to be very, very careful about how they do it. One of the advantages that the Russians have in cyberspace is that they don’t have any limits.”

Cyber jousting

Ukraine has faced a barrage of cyberattacks in recent years that its government and U.S. security forces have attributed to Russia. Russian hackers disabled parts of Ukraine’s power grid in 2015. Two years later, the malware known as NotPetya disrupted Ukrainian government agencies and companies on the eve of a major national holiday — Constitution Day — before spreading across the world.

Ukraine’s government cybersecurity agency, CERT, said Monday that it had seen warnings in hacker forums of attacks this week against public sector, banking and defense websites. The agency said that the warnings suggested that the coming wave of attacks would be more disruptive than the distributed denial of service attacks last week against Ukraine’s defense ministry, other parts of the government and the country’s banks, which lasted for only a few hours.

On Wednesday, major websites, including those of Ukraine’s cabinet of ministers, foreign affairs ministry and some banks, were hit by a distributed denial of service attack, according to Mykhailo Fedorov, the country’s minister of digital transformation. It is not yet clear whether the attack is more severe than other recent incidents.

The government asked Ukrainians to update their operating systems and back up critical resources, among other measures. “Let’s stand together for Ukraine!” the State Service for Special Communication and Information Protection of Ukraine said in a statement.

Cyberattacks are a major part of Russia’s military strategy abroad, White House Deputy National Security Adviser Anne Neuberger said Friday. The recent spate of attacks in Ukraine was meant to disrupt the country while collecting intelligence and “could be leveraged if Russia takes further military action against Ukraine,” she said.

With that in mind, the U.S. has spent years, and millions of dollars, working with Ukraine to shore up its critical infrastructure. The results have been mixed, as illustrated by the trio of major attacks in just the last two months.

But while Ukraine hasn’t been able to ward off every cyber onslaught, it has become adept at bouncing back, Alperovitch said.

“One of the things that the Ukrainians are really, really good at is resiliency and recovery from cyberattacks,” he added. “They have eight years of doing that. So they may not be very good on defense, but once they get hit, they tend to be back up and running pretty quickly.”

Several experts said that Russia has far greater cyber capabilities than it has displayed in the Ukraine fight so far. None of the incidents so far has amounted to a cataclysmic cyberattack, said Andrei Soldatov, a senior fellow with the Center for European Policy Analysis and an investigative journalist who has covered Russia’s security services for more than two decades.

“I think now what makes more sense is for them to wait until there is something like airstrikes,” he said. “Because if you combine that with cyber, you can attack the country’s infrastructure and send a message to the population saying that your government is completely dysfunctional.”

The playbook Russia seems to be following is familiar. Before invading Georgia in 2008, Russia defaced Georgian websites and launched distributed denial of service attacks to shut down Georgian servers.

“Cyber attacks can be costly for individual organizations and may even seem frightening to some, but their real target is our perceptions,” said Sandra Joyce, head of global intelligence at the cybersecurity firm Mandiant, in a blog post on Feb. 15. “The purpose of these cyber attacks is not simply to wipe hard drives or turn out the lights, but to frighten those who cannot help but notice.”


But if Russia were to launch a massive cyberattack, Soldatov thinks the obvious target would be Ukraine’s power grid. Disrupting the grid in winter could send Ukrainian refugees into Russia, furthering Russian President Vladimir Putin’s false argument that Russia’s actions are humanitarian interventions rather than the prelude to a large-scale invasion.

Shoring up defenses

President Joe Biden has made clear that the U.S. will defend itself and its allies against any Russian attacks.

“If Russia attacks the United States or our allies through asymmetric means, like disruptive cyberattacks against our companies or critical infrastructure, we are prepared to respond,” he said in a speech on Feb. 15. “We’re moving in lockstep with our NATO allies and partners to deepen our collective defense against threats in cyberspace.”

It’s not clear what form a retaliatory attack from the U.S. would take. But Neuberger said Friday that the U.S. has been preparing for Ukraine-related cyberattacks against itself or allies since November 2021. That’s when Russia began massing troops near its border with Ukraine and in Crimea — which it invaded in 2014 and forcibly annexed from Ukraine.

There are a variety of ways the Biden administration and its allies are supporting Ukraine.

For instance, the U.S. military’s Cyber Command has “cyber mission forces” that can be deployed to assess and identify various vulnerabilities around the world. The military has deployed such teams ahead of U.S. elections as part of its “Defend Forward” doctrine to protect critical infrastructure, said Katerina Sedova, a research fellow at Georgetown University’s Center for Security and Emerging Technology.

“There’s precedent for this, and certainly national security interest not only to help defend Ukraine, but also [to] have real-time access to the tactics, techniques and procedures Russia might deploy in Ukraine and direct to the U.S. [and] U.K.,” she said, adding that staff from private-sector cybersecurity firms could play a role.

The New York Times reported in December that the U.S. and U.K. had sent cyberwarfare teams to Ukraine to help ward off Russian attacks. And earlier this month, Neuberger went to NATO headquarters in Brussels to help prevent and prepare for any Russian cyber offensive.

What’s surprising, Alperovitch said, is how ineffective Russia’s cyber strategy has become since 2014, when it launched a coordinated attack and dissemination of disinformation to disrupt Ukrainian elections. Multiple cyberattacks over the last eight years have yielded little progress toward the regime change that Russia seemingly desired — resulting in the recent move toward more conventional warfare.

That could extend to the internet.

One of Russia’s most effective military actions could be to cut off news from Ukraine by physically attacking the country’s nine or so public internet exchange points, Alperovitch said. These points allow internet service providers to exchange data, enabling the internet to function. Disrupting or destroying those points would render useless any remote capabilities the U.S. and allies were lending to Ukraine (but that could hamper some of Russia’s own capabilities as well).

But the people tasked with protecting against a cyberattack may be more focused on their own safety and that of their families during the conflict, Alperovitch added. “You’re going to have those defenders that are going to be working to identify cyberattacks and respond to them thinking hard about what they need to do to protect their families in a time of war,” he said. “Or whether they’re going to sign up to go fight, for example. You may actually lose a lot of personnel while you desperately need them.”

Feds to U.S.: Be prepared

The Biden administration has not ruled out the possibility that Russia could direct cyberattacks at U.S. companies or agencies as the Ukraine crisis continues. Top officials, including Neuberger and Homeland Security Secretary Alejandro Mayorkas, have said in recent days that the federal government has not identified any credible attacks directed at the U.S. as a result of its support for Ukraine.

Still, the government is urging the private sector to brace for potential attacks. On Feb. 16, CISA, the FBI and the National Security Agency issued a joint notice about Russian state-sponsored actors targeting defense contractor networks in the United States. CISA has launched a campaign called “Shields Up” listing steps that businesses should take to protect themselves.

The government has also shared technical information about how Russia attacked Ukraine’s power grid with operators of critical U.S. infrastructure to help them identify any similar activity on their networks.

The National Security Council did not respond to questions about how the U.S. might further support Ukraine in its defense against cyberattacks. A CISA spokesperson responded to Grid’s queries about the hardening measures the agency is encouraging U.S. companies to adopt by pointing to its Shields Up website.

This article has been updated.

  • Benjamin Powers

    Technology Reporter

    Benjamin Powers is a technology reporter for Grid where he explores the interconnection of technology and privacy within major stories.